1 / 18

Risk Models and Controlled Mitigation of IT Security

Risk Models and Controlled Mitigation of IT Security. R. Ann Miura-Ko Stanford University February 27, 2009. Attackers and Defenders. Denial of Service. Policies. Firewalls. Viruses and Worms. Backup / Redundancy. Data sniffing / spoofing. Intrusion Detection. Unauthorized Access.

mira-weeks
Download Presentation

Risk Models and Controlled Mitigation of IT Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009

  2. Attackers and Defenders Denial of Service Policies Firewalls Viruses and Worms Backup / Redundancy Data sniffing / spoofing Intrusion Detection Unauthorized Access Malicious Attackers Defenders Anti-Virus Software Port scanning Authentication / Authorization Malware / Trojans Encryption

  3. Thesis Overview • Mathematical modeling of IT Risk encompasses a large and relatively uncharted territory • Modeled selected anchor points within the space focused on different levels of decision making: Inter-Organization and Industry level Investments How do organizations invest their limited resources given the relationships they have with one another? Enterprise level resource allocation Given an IT budget, how should a manager spend those resources over time? Physical layer control How do you design the physical infrastructure to meet reliability and security requirements?

  4. Motivating Example: Web Authentication • Same / similar username and password for multiple sites • Security not equally important to all sites Shared risk for all

  5. Literature Background • Interdependent Security • IT Security Leads to Externalities: Camp (2004) • Tipping Point for Investments: Kunreuther and Heal (2003) • Free Riding: Varian (2004) • Network Game Theory • Network Games: Galeotti et al. (2006) • Linear Influence Network Games: Balleste and Calvo-Armengol (2007)

  6. Model Fundamentals • Companies make investments in security • Companies have complex interdependencies • Complementarities and competition • Leads to positive and negative interactions • Who invests and how much? • Can we improve this equilibrium? • What does the model say about policy?

  7. -.1 -.1 .2 .1 -.1 -.1 .1 .2 .2 -.1 -.1 .1 -.1 -.1 .2 .1 -.1 -.1 .1 .2 Network Model • Network = Directed Graph • Nodes = Decision making agents • Links = influence / interaction • Weights = degree of influence

  8. -.1 -.1 .2 .1 -.1 -.1 .1 .2 .2 -.1 -.1 .1 -.1 -.1 .2 .1 -.1 -.1 .1 .2 Incentive Model • Each agent, i, selects investment, xi • Security of i determined by total effective investment: • Benefit received by agent i: • Cost of investment: • Net benefit:

  9. How will agents react? • Single stage game of complete information • All agents maximize their utility function: • bi is where the marginal cost = marginal benefit for agent i slope = ci Vi • If neighbor’s contribution > bi, xi=0 • If neighbor’s contribution < bi, xi = difference xi bi

  10. What is an equilibrium? • Nash Equilibrium • Stable point (vector of investments) at which no agent has incentive to change their current strategy • This happens when: • Leverage Linear Complementarity literature

  11. Existence and Uniqueness • Proposition 1: If W is strictly diagonally dominant, , then there exists a unique Nash Equilibrium for the proposed game • Proof: Follows from standard LCP results which states that any P matrix (one with positive principal minors) will have a unique solution to the optimization problem. We simply show that a W matrix is a P matrix.

  12. Convergence • Proposition 2: If W is strictly diagonally dominant, , then asynchronous best response dynamics converges to the unique Nash Equilibrium from any starting point x(0)>0. The best response dynamics are described by: • Proof: Follows from standard LCP results which provides a synchronous algorithm. Using the Asynchronous Convergence Theorem (Bertsekas), we can establish that the ABRD also converges

  13. Free Riding • One measure of contribution relative to what they need, free riding index: • Another measure of relative contribution allows for network effects to be taken into account, fair share index: Contribution of player i if all players are isolated Contribution of player i in networked environment Impact of neighbors’ investments Investment made by i with no neighbors

  14. -.1 -.1 .2 .1 -.1 -.1 .2 .1 -.1 -.1 .1 .2 -.1 -.1 .1 .2 .2 -.1 .2 -.1 -.1 .1 -.1 .1 -.1 .2 .1 -.1 -.1 -.1 .2 .1 -.1 -.1 .1 .2 -.1 -.1 .1 .2 Web Authentication Example • Utility function:

  15. Improving the Equilibrium • Theorem 1: Suppose xi > 0 and xj> 0 for some i≠j. Then, there exists continuous trajectories, W(t) = (wkl(t)) and x∗(t) = (xk(t)) with t∈ [0, T ] such that: • x∗(0) = x∗ , W(0) = W • x∗(t) is the (unique) equilibrium under W(t) ∀ t • xi(t) and xj(t) are strictly decreasing in t • xk(t) is constant for all k∉{i, j} and all t • W(t) is component-wise differentiable and increasing in t (weakly, in magnitude)

  16. Improving the Equilibrium 3 5 2 • Proof sketch of Theorem 1: • Observe: if the effective investments over the purple links are not changed, the investments in Group B will not change 6 1 4 Group A Group B • Pick 2 nodes: i,j • For k∉{i.j}

  17. Improvements to Equilibrium • A linear increase in the strength of the links results in a nonlinear decrease in investments between nodes 1 and 2

  18. Qualitative Implications • For web authentication: • Should high risk organizations subsidize the IT budgets of low risk organizations (e.g. Citibank works with non-profits to aid their authentication efforts)? • Should government label websites by risk factor so users know which sites they can safely group together with a single password?

More Related